{ "type": "URL", "indicator": "https://www.fetc-net.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.fetc-net.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3674927910, "indicator": "https://www.fetc-net.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "65709a1e31eda9b131962779", "name": "InQuest - 04-05-2023", "description": "", "modified": "2023-12-06T15:58:22.072000", "created": "2023-12-06T15:58:22.072000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 469, "URL": 1770, "hostname": 821, "domain": 718, "FileHash-MD5": 78, "FileHash-SHA1": 69 }, "indicator_count": 3925, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6458d363ac65bdfc01180c35", "name": "Eastern Asian Android Assault - FluHorse - Check Point Research", "description": "A newly discovered Android malware, called FluHorse, targets Eastern Asian markets and targets high-profile companies, but can remain undetected for months, according to research conducted by Check Point Research.", "modified": "2023-05-08T10:48:03.724000", "created": "2023-05-08T10:48:03.724000", "tags": [ "object pool", "c server", "flutter", "dart", "android", "check point", "electronic toll", "dart object", "fluhorse", "etc apk", "future", "virustotal", "play", "phishing", "night", "love", "example", "window", "first", "code", "format", "evil" ], "references": [ "https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Object Pool", "display_name": "Object Pool", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" } ], "industries": [ "Industrial", "Government", "Finance", "Retail" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 13, "URL": 3, "domain": 2, "hostname": 12 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1119 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6458cde0cbbc7ab1e23c14ce", "name": "EASTERN ASIAN ANDROID ASSAULT \u2013 FLUHORSE", "description": "A new malware called FluHorse has been discovered, which targets different sectors of Eastern Asian markets through malicious Android applications that mimic legitimate ones. These apps have already been downloaded more than a million times and can steal victims' credentials and 2FA codes. The malware is distributed via emails, and in some cases, the emails used in the first stage of the attacks belong to high-profile entities. FluHorse is a persistent and dangerous threat that can remain undetected for months.", "modified": "2023-05-08T10:24:32.672000", "created": "2023-05-08T10:24:32.672000", "tags": [ "object pool", "c server", "flutter", "dart", "android", "check point", "electronic toll", "dart object", "fluhorse", "etc apk", "future", "virustotal", "play", "phishing", "night", "love", "example", "window", "first", "code", "format", "evil" ], "references": [ "https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Object Pool", "display_name": "Object Pool", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" } ], "industries": [ "Industrial", "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 13, "URL": 3, "domain": 2, "hostname": 12 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 213, "modified_text": "1119 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64543de5371b85332405dc01", "name": "InQuest - 04-05-2023", "description": "", "modified": "2023-05-04T23:21:09.455000", "created": "2023-05-04T23:21:09.455000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 469, "domain": 718, "URL": 1770, "FileHash-MD5": 78, "hostname": 821, "IPv4": 75, "FileHash-SHA1": 69 }, "indicator_count": 4000, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "1123 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/", "https://labs.inquest.net/iocdb" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Object pool" ], "industries": [ "Finance", "Industrial", "Retail", "Government" ], "unique_indicators": 4024 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/fetc-net.com", "whois": "http://whois.domaintools.com/fetc-net.com", "domain": "fetc-net.com", "hostname": "www.fetc-net.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "65709a1e31eda9b131962779", "name": "InQuest - 04-05-2023", "description": "", "modified": "2023-12-06T15:58:22.072000", "created": "2023-12-06T15:58:22.072000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 469, "URL": 1770, "hostname": 821, "domain": 718, "FileHash-MD5": 78, "FileHash-SHA1": 69 }, "indicator_count": 3925, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6458d363ac65bdfc01180c35", "name": "Eastern Asian Android Assault - FluHorse - Check Point Research", "description": "A newly discovered Android malware, called FluHorse, targets Eastern Asian markets and targets high-profile companies, but can remain undetected for months, according to research conducted by Check Point Research.", "modified": "2023-05-08T10:48:03.724000", "created": "2023-05-08T10:48:03.724000", "tags": [ "object pool", "c server", "flutter", "dart", "android", "check point", "electronic toll", "dart object", "fluhorse", "etc apk", "future", "virustotal", "play", "phishing", "night", "love", "example", "window", "first", "code", "format", "evil" ], "references": [ "https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Object Pool", "display_name": "Object Pool", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" } ], "industries": [ "Industrial", "Government", "Finance", "Retail" ], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 13, "URL": 3, "domain": 2, "hostname": 12 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 862, "modified_text": "1119 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6458cde0cbbc7ab1e23c14ce", "name": "EASTERN ASIAN ANDROID ASSAULT \u2013 FLUHORSE", "description": "A new malware called FluHorse has been discovered, which targets different sectors of Eastern Asian markets through malicious Android applications that mimic legitimate ones. These apps have already been downloaded more than a million times and can steal victims' credentials and 2FA codes. The malware is distributed via emails, and in some cases, the emails used in the first stage of the attacks belong to high-profile entities. FluHorse is a persistent and dangerous threat that can remain undetected for months.", "modified": "2023-05-08T10:24:32.672000", "created": "2023-05-08T10:24:32.672000", "tags": [ "object pool", "c server", "flutter", "dart", "android", "check point", "electronic toll", "dart object", "fluhorse", "etc apk", "future", "virustotal", "play", "phishing", "night", "love", "example", "window", "first", "code", "format", "evil" ], "references": [ "https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Object Pool", "display_name": "Object Pool", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" } ], "industries": [ "Industrial", "Finance" ], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 13, "URL": 3, "domain": 2, "hostname": 12 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 213, "modified_text": "1119 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64543de5371b85332405dc01", "name": "InQuest - 04-05-2023", "description": "", "modified": "2023-05-04T23:21:09.455000", "created": "2023-05-04T23:21:09.455000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 469, "domain": 718, "URL": 1770, "FileHash-MD5": 78, "hostname": 821, "IPv4": 75, "FileHash-SHA1": 69 }, "indicator_count": 4000, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "1123 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.fetc-net.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.fetc-net.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780301810.9910944 }